Feature: allow public calendars #105
Conversation
|
Having events (todos, notes also?) within the public calendar does trigger the authentication dialog. I guess this entries don't have the |
|
Having a calender which is shared, can be changed to a public calender afterwards. And the shared calender entry. The Events got still synchronized. So it seems, this does work? Or should this be more restricted? |
|
Does this allow phonebooks to be shared? |
|
Thanks @1Luc1 for the tests!
That's weird, I didn't have the same behavior (with events only but having the other ones should not change much)
|
|
Hello @david-raine
Unfortunately no, because the underlying sabre-io/dav library does not support it. See #87 |
tchapi
force-pushed
the
feature/public-calendars
branch
7 times, most recently
from
a1f7a61 to
9bc1352
Compare
| public const INVITE_STATUS_NORESPONSE = 1; | ||
| public const INVITE_STATUS_ACCEPTED = 2; | ||
| public const INVITE_STATUS_DECLINED = 3; | ||
| public const INVITE_STATUS_INVALID = 4; | ||
| public const INVITE_NORESPONSE = 1; | ||
| public const INVITE_ACCEPTED = 2; | ||
| public const INVITE_DECLINED = 3; | ||
| public const INVITE_INVALID = 4; | ||
|
|
||
| public const ACCESS_OWNER = 1; | ||
| public const ACCESS_NOTSHARED = 0; |
There was a problem hiding this comment.
🌱 This is mainly to comply with SabreDAV's namings
|
Tested with branch feature/public-calendars
My I be more specific about the behavior. Calling the public calender with the link ( e.g.: davis.at/dav/calendars/public/test) within the browser (firefox) will trigger the authentication dialog only if there are events within the calender. If there are no events within the calender no authentication dialog will be called. On the other hand, subscribing to the public calender within an email client (thunderbird) doesn't open any authentication dialog, even if there is a events within the calender. So, this behavior is acceptable for my understanding. ✅
Tested ✅ |
|
Found an interesting security issue, which is mainly a problem from the user and thunderbirds behavior. Subscribe to a public calendar Thunderbird shows the calendar as read only Change read only within the calendar properties Add events to calendar without providing a password ❌ Maybe add another security check within the user creation to not allow username and password the same? |
Oh ok, understood, thanks a lot for the clarification! I will test that behavior, I have a feeling it's some edge case on the sabre/dav side, but it should be fixable I guess, will work on it.
That's "funny" ... auth is managed by sabre/dav entirely, but it might be Thunderbird that tries to login optimistically by providing the username as a password? I'll try to reproduce |
I think c1b0a00 should fix it |
tchapi
force-pushed
the
feature/public-calendars
branch
from
62d39b6 to
c1b0a00
Compare
Thanks. Just tested your changes and within the browser no authentication dialog appears. ✅ Unfortunately, within Thunderbird an authentication dialog shows up if subscribing to a public calender. ❌ |
This protocol is making me go nuts. Will have a look! |
Can you tell, when you can get another look? |
Unfortunately I'm quite busy on various other subjects so I can't really commit (as it takes quite some time to investigate the code for this feature); I'll do my best to finish next week |
|
Just checked your changes and tried to replicated the usecase where subscribing to a public calendar within thunderbird once worked, but couldn't really redo your changes to make it work. Now I doubt it ever worked 😖 |
|
Did some further digin and found that within within an own |
tchapi
force-pushed
the
feature/public-calendars
branch
from
c1b0a00 to
5874935
Compare
|
Thanks for your ideas. I've tried Thunderbird and could find a potential fix that I implemented in 5874935. |
|
Happy to get your feedback on it. Sorry this is taking quite some time 🙇🏼 |
|
Thanks for your fix. Tested it as good as possible and subscribing without username/password works as intended. Unfortunately, it is now not possible as an owner of the calender to subscribe to the calender with username and password, within Thunderbird. This is of course necessary to write events into the "public" calendar. |
|
During testing I came across a use case, which should be covered within this PR. I mentioned it some comments above and thought it was a problem. Now I think the following use case should be covered: Having a calender which should be shared with other users. The other users have read/write access to the shared calender, meaning a group of users can edit one calender. This calender can also be a public calender. A good example is having an event calender. Some people add/edit events within this calender and want to make the event calender public available to publicity. Before you changed this behavior, you talked about side effects. I'm curious, are there any? |
This will be another use case that I won't cover right now
I have tested and it is possible on my side. Either you provide the credentials and uncheck "read-only" — Thunderbird will ask for the password once (you can store it), and you can create event (as the owner of the calendar). Or you check "read only" and you don't need to authenticate, and will just retrieve the events Below: private version (auth) is the calendar I used to create both events. They appear in the "public" version (of the same calendar) |
|
So all in all, I think it's correctly working as of now (at last!). Will leave it open for a while and then merge to the master |
|
Thanks for re-testing. Your are right, it works as intended. Thanks again for your work!
Alright. Should a make a new Issue for this case? |
🎉 🎉 🎉 🎉 🎉 🎉 🎉
Yes please. Given the time it takes to fiddle with sabre/dav code, I'm not promising anything though sorry. It's really a pain to find circumvention ways for something that should be standard |
Override the default DAVACL plugin to allow public calendars, introducing a new
ACCESS_PUBLICconstantPublic calendars
They are accessible without credentials, even in the browser
Adds a new "Public" field when editing a calendar, to mark the calendar public (the user remains the sole owner as a public calendar cannot be shared for now)
We add a badge in the list to indicate it's public
Related PR: sabre-io/dav#820